Malware Alert! The risk of image searches on Google and Bing
When was the last time you carried out an image search on Google Images? Did you check the website the image was hosted on before you downloaded it on your computer or smartphone? Unknown to you, image searches are one of the biggest channels of malware over the Internet.
Security conscious Internet users regularly take several precautions to avoid phishing pages and malicious websites. However, even the most security savvy individual can get outfoxed sometimes. Image searches on Google, Bing or other search engines are known to take users to infected websites that carry malicious codes and drive-by downloads. Unfortunately, many users just ignore the risks involved and end up with malware on their machines.
The threat arises when a user carries out an image search on Google or Bing (we are focusing on these search engines as they are the most commonly used ones). The results show thumbnails of images and a user clicks on the most suitable one without checking the website that hosts the image. This is extremely risky as some websites possibly contain all kinds of malware. Moreover, when a user finds a suitable image he downloads it on his machine and this injects malware into the system.
How search engines are compromised
A malicious website regularly scours the Internet to discover images that are popular. This includes images of celebrities, logos, symbols and trending memes. The website then optimizes its content to rank higher in an image search. This process is known as Black Hat SEO. So a user searches for an image, sees the infected website’s image in the search results, visits the page and downloads the image to inject malware into the system.
In the case of a Google search, the website stays hidden behind the image. There is an option on the side that allows the user to “Visit page” but most people do not bother visiting the website before saving the image locally.
Bing is slightly better because the user can scroll down to see the full website. But again, this is something that very few people actively do.
Tips to avoid infected image searches
So what can users do to protect themselves from image search result threats? Here are some useful tips.
- Always check the website that hosts the image you are downloading. Visit the page to view it properly.
- Keep in mind that opening the image in a new tab from the search results page is the same as visiting the website.
- Remember that if a website appears on top in a search results page, it does not necessarily mean that it is a legitimate website. Unsafe websites can also use SEO techniques to manipulate search results.
- Ensure that your web browser, operating system and other programs are fully updated. Unpatched programs have the biggest security holes and are most vulnerable.
- Update your virus protection software regularly. Quick Heal products provide browsing protection that blocks unsafe websites from being displayed. If you are a Mac user, you can also install Quick Heal Total Security for Mac.
The next time you carry out an image search on Google or Bing or other search engines, ensure that you follow these tips. This will keep you safe and protected from various unseen threats that are embedded in poisoned search results. A lot of malware reaches people’s machines through images that they have actively searched for and downloaded, so it is necessary for Internet users to be aware of this threat.
26 Comments
what is SEO?
Hi Snehil,
SEO stands for Search Engine Optimization. It involves the optimization of websites for search engines like Google and others. You can read more about it by searching for it on the web.
Regards.
sir
i have installed win2000 server edition quickheal but it do not cleans autorun and pop up every time
thanku kiran
Hi Kiran,
Kindly visit this page to submit a ticket about your grievance – https://www.quickheal.co.in/submitticket.asp. Our support team will contact you with a solution to this issue.
Regards.
thank for this update….
I usually search many item in google and bing search engine…
so thanks for this….
How a safe site is distinguished from a bad one? Can a common user separate the websites?
You have suggested, in your first point, to check the web site that hosts the image. You have also suggested to visit the page to view it properly. In the next line you have made it clear that opening the image in new tab is same as visiting the web site. But, in your first point, isn’t it what you are suggesting a user should do? i.e. visiting the web site. All this is somewhat confusing.
Hi Shirish,
The point I was trying to make is that when you view the image in a new tab you are on the website but you cannot see the website clearly since the image blocks it. Most people do not realize this. Checking the website means reading the URL (the website address) and not finding anything suspicious. It is advisable to download the image from a known or reputable website.
Regards.
Thanks a bunch for this useful information. Till today, I just used to open the image and download… But Never thought about checking the source website from where the image is.
This post has made me a lot conscious about Downloading Images.
Oops! Didn’t know that.
Does opening Google image search ( without downloading them ) also inject malwares into the computer?
Hi Himanshu,
If a website has been infected with a drive-by download, it is possible that opening the image will inject the malware into a PC. A drive-by download is a download that starts as soon as a machine visits a website.
Regards.
Hi, how can a .jpg file possibly harm your computer with a virus?
Hi Darshan,
Any file can be combined with malware, irrespective of the extension. When that file is downloaded on a computer, the malware accompanies it.
Regards.
Looks like I have the Malware….
Now what do I do.I have run the Anti Malware of QHeal. But nothing has come out of that.????
Hi Chandrashekhar,
You should run a full system scan first. If the malware is still present you need to call our support center on 927-22-33-000 immediately.
Regards.
thanks a lot,long time back i was downloading images from these sites,but i stopped.
QUICKHEAL must have the ability to protect its users by intercepting before
the user falls victim.
I remember QH once intercepted and saved me from damage and harassment.
Thanks this information. How can we detect ourselves phishing and malicious websites? If we can not detect it, we are most likely to go in malicious websites.
Hi Dr. Taka Zirdo,
Kindly refer to this post to learn how to avoid the phishing trap. The more you read about phishing attacks, the better prepared you can be.
Regards.
Thanks Rahul,
QH Team is excellent .
Regards
I have been using Quick Heal since 2008 or 2009. Before that it used to be the “so called antivirus programs” like Norton, McAfee, AVG, etc. that I was using. I used to get lot of “intrusion attacks” on my pc & laptop & subsequently what followed was a total system crash. All my data was “washed away”. Since the usage of Quick Heal, there ain’t no system crashes, intrusion attacks, malware attacks, trojan attacks, you name it. Just like a country has its suberb defence forces to protect the country & its citizens, we have Quick heal for our PC/Laptop/Android based devices/Mac & our data. Way to go team Quick Heal.
How to use image search safely?
Hi Nilesh,
The best thing you can do is check the website properly before you actually save the image and download it on your machine.
Regards.
Thanks rahul for updating us with SEO poisoning,image search affecting the system
sir,
I am using QH for last few years and the experience is very satisfying .we follow your alerts .but if sometimes we forget ot apply the suggestions in the alerts (such as the latest instructions regarding waterholes & java) can i rely on QH for taking care of my PC.I regularly update my PC.
THANKING YOU,
Anil Apte.
Hi Anil,
Thank you for your appreciation and loyalty towards us. These alerts are designed to create awareness and provide assistance over and above the protection that our products provide. Following the suggestions in these alerts will certainly improve your system protection but you can rest assured that Quick Heal will tackle all security risks that pose a threat to your machine/s.
Regards.